On July 12, 2024, the proposal for a Regulation of the European parliament laying down harmonized rules on AI (the AI Act) known as regulation EU 2024/1689 was published in the Official Journal of the EU, ending a long legislative process and signaling the dawn of the much-awaited regulatory regime for AI.¹ The Act will enter into force on the 2nd August 2024, with the majority of the provisions applying from August 2, 2026.
The adoption of the AI Act marks a significant milestone for AI regulation in the European Union, and potentially, globally. This first of its kind instrument regulates this globally relevant technology with a huge potential to shape its further development (within the EU). The AI Act emphasizes the importance of trust, transparency and accountability while also ensuring that AI can flourish and boost European innovation.²
The EU’s AI Act shares similar characteristics with the General Data Protection Regulations (GDPR) in the areas of transparency requirements, regulatory framework, compliance, enforcement and protection of rights. The Act seeks to stimulate new innovations and respect of fundamental rights across the Union. It adopts a risk-based approach and prohibits certain practices including the use of AI for predictive policing based on profiling, the use of biometric data to categorize people based on race, religion, or sexual orientation, the use of emotional AI systems in defined situations, etc.³ Furthermore, the AI Act classifies certain AI systems as high-risk and specifies requirements for high-risk AI systems, including the obligations of different entities. Notably, high-risk AI systems deployed by some entities providing public services would require a fundamental rights impact assessment. The AI Act incorporates principles revolving around transparency obligations, prohibition(s) of certain use cases, data governance, and human oversight. These featured principles aim to promote trustworthy AI deployment across the EU. The AI Act provides certain exemptions, with the inclusion for systems used for military and defense, and research.⁴

As it’s becoming a common feature of EU legislations,⁵ the AI Act also stipulates fines for failing to comply with rules around prohibited uses and data governance. For instance, start-ups and small and medium-sized enterprises (SMEs) are subject to proportional administrative fines ranging from €35 million for non-compliance with the provisions of or, if the offender is an undertaking, up to 7% of its total worldwide annual turnover whichever is higher.

One aftermath of the GDPR was the Brussels effect⁶ which saw its widespread adoption, making it a model law for data protection across the globe. One cannot help but wonder if this will also be the case with the AI Act. Some countries are currently developing their own AI regulatory framework and apparently proposing a different approach to that of the AI Act. For instance, the UK has shown a preference for adopting a more flexible approach which will foster AI innovations without heavy regulatory burdens, a sharp departure from the stricter regulatory approach of the EU.⁷ It would also appear that China has favoured a less strict regulatory approach when compared with the EU. This is evident from the use of toolkits for new AI governance laws giving room to quickly adjust regulatory guidance on a need basis.⁸

These are interesting times for AI regulation across the globe. The EU has always been very active when it comes to rolling out regulations. There is undoubtedly some wisdom in a subtle regulatory approach to AI regulation that some other countries are adopting. If the UK and Chinese approaches are anything to go by, one can suggest that the AI Act will not enjoy global fame like the GDPR. Analysts, stakeholders, and other countries of the world will be watching the AI Act closely especially as it pertains to its effects on the further development and adoption of AI (within the EU).